iThemes Security (formerly Better WP Security)
disabling wp-content/uploads php execution doesn't work in nginx 1.6 (1 post)

  1. primolarry
    Posted 1 year ago #

    The inserted rule:

    # Rules to prevent php execution in uploads
    location ^(.*)/uploads/(.*).php(.?){ deny all; }

    Doesn't work. Instead, I suggest this one:

    # Prevent any potentially-executable files in the uploads directory from being executed
    # by forcing their MIME type to text/plain
    location ~* ^/wp-content/uploads/.*.(|php|js|swf|WHATEVEROTHERTYPEYOUWANT)$ {
    types { }
    default_type text/plain;

    Source: http://www.queryadmin.com/854/secure-wordpress-nginx/


Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic